Saturday, June 05, 2004

The Mac operating system, once thought of as invulnerable, has recently copped its share of criticism

When it comes to security, Apple Computer's report card reads like that of a gifted child: high marks for achievement, but needs to communicate better with others.

In general, the Mac operating system has seen far fewer bugs than its Windows counterpart. But some say a recent vulnerability demonstrates that the notoriously tight-lipped company must communicate more openly on security issues and move more quickly when it comes to plugging holes.

"I think there's room for improvement with their response speed on problems with their own code," said Chris Adams, a Mac user and system administrator for San Diego's Salk Institute for Biological Studies, a research centre that's played a part in training five Nobel Prise-winning scientists. "The general pattern is complete silence for months and then a terse announcement when the update is released."

Adams said Apple has done a pretty good job of updating the operating system to fill holes found in various Unix components. But what is needed, Adams and others contend, is more dialogue about what the company is doing with regard to security.

"At the very least, they need to communicate with the people who report these problems, so it's obvious that work is happening," Adams said in an email interview. "Depending on the problem, it may also be a good idea to announce a workaround if a fix won't be available quickly."

The issue of Apple's communication with the security industry came to the forefront last month. Researchers went public with a combination of vulnerabilities that, if exploited, could allow a Mac to be taken over by hackers. One of the researchers involved, a coder known as "lixlpixel," said he privately notified Apple of a problem in February but went public with his findings in May after not hearing back from the company.

Apple senior vice president Phil Schiller said the Mac's security is good and noted that the company is under more scrutiny now that the Mac is facing what he described as the first critical vulnerability since the release of Mac OS X three years ago.

According to Schiller, there was more to the critical issue Apple wound up addressing in May than just the flaw reported to the company several months earlier...